I have a Cisco border router (CAT9K_IOSXE) that connects to the Internet and inside the network. Per Shodoan.io, I have hits on SNMP which are SVI IPs on the border router. So basically, anyone from the internet can snmp scan using SVI IP. I would li...
On the outside Interface? If so, that is an option, however I was hoping for avoiding that overhead. Currently there is no ACL on the out interface and adding just this ACl with 40+ SVI IPs will add un necessary overhead.What are your thoughts on bel...
@MHM Cisco World These are the standard SNMP commands that the org is using. Maybe I can look into fine tunning SNMP but currently I am focusing on blocking the SNMP traffic from Internet that are able to scan SVI IPs.
@MHM Cisco World Sure. Here is SNMP:snmp-server group default v3 priv snmp-server group CoSNMPv3User v3 priv snmp-server group CoSNMPv3View v3 priv snmp-server group CoSNMPv3Group v3 priv read CoSNMPv3View write CoSNMPv3View access 101snmp-server ho...
